Cybersecurity experts warn Russia’s premier intelligence agency has launched another campaign to pierce thousands of U.S. government, corporate and think-tank computer networks.
Nate Foster is an associate professor of computer science at Cornell University. His research attempts to solve problems in networking, databases, and security. Foster says the attacks highlight continued concerns about cybersecurity.
Foster says:
“Microsoft published a blog post today detailing ongoing attacks by state-sponsored Russian actors. The goal of these attacks appears to be gaining access to the data and systems hosted on public cloud platforms like Microsoft Azure.
“Unlike other recent incidents, such as 2019 SolarWinds attack, the techniques the attackers are using are fairly rudimentary: brute forcing passwords, phishing emails, etc. But the targets of these attacks are new: rather than focusing on cloud customers, they are targeting third-party companies known as ‘cloud resellers’ that provide management and services. In general, these resellers are less likely to have adopted best practices like multi-factor authentication, so they are more vulnerable to simple attacks.
“By compromising one of these resellers, the attackers can often gain increased privileges, which allows them to move laterally within the cloud platform and gain access to other sensitive data and systems.
“Stepping back, the bigger picture is that these attacks highlight continued concerns about cybersecurity but also some reason for optimism. On the one hand, it’s clear that cyberattacks are not going away, despite diplomatic pressure on Russia by the Biden administration. On the other hand, there is some reason to be optimistic about long-term security trends. The tech companies that operate public clouds have large teams that are constantly working to improve security for their platforms and their customers. They are also moving to mandate best practices for cloud resellers, such as use of multi-factor authentication. So, over the long term, the shift to cloud platforms may help to improve security in practice.”